{"id":21,"date":"2022-09-03T22:21:07","date_gmt":"2022-09-04T03:21:07","guid":{"rendered":"https:\/\/terrabytefoundry.com\/blog_s\/?p=21"},"modified":"2022-09-03T22:21:09","modified_gmt":"2022-09-04T03:21:09","slug":"decluttering-the-it-sec-alphabet-for-data-privacy","status":"publish","type":"post","link":"https:\/\/terrabytefoundry.com\/blog_s\/2022\/09\/03\/decluttering-the-it-sec-alphabet-for-data-privacy\/","title":{"rendered":"Decluttering the IT Sec Alphabet for Data Privacy"},"content":{"rendered":"\n<p>With the focus over the past few years on Data Privacy at the institutional level continuing to gain traction across the globe, it is important for companies to understand how these (potential) changes will affect their IT department.&nbsp; With that in mind, I thought it good to start with some of the foundational concepts regarding data privacy.&nbsp; Specifically, what role do the key players actually represent, assuming they are properly vetted and sourced to fill the correct business needs within the enterprise?&nbsp; Today I will discuss three of the key leadership positions and the ideals and focus of each \u2013 in a perfect (well-funded) IT department.<\/p>\n\n\n\n<h6 class=\"wp-block-heading\">Chief Technology Officer\/Chief Information Officer (CTO) \u2013 The CTO, also known as CIO, is the head of the company\u2019s technical assets<\/h6>\n\n\n\n<p>The CTO\u2019s focus should be on making certain that the Enterprise is running as smoothly as possible and is set up to support the key business objectives.&nbsp; Depending on the size of the company, the departments under the CTO umbrella have a wide range of responsibilities that have some aspect of building and supporting electronic products and\/or business processes. 
In a nutshell, the CTO is the person that translates the executive plans for the company into \u201ctechnical speak\u201d and controls how the IT-related staff works to support those executive plans.<\/p>\n\n\n\n<h6 class=\"wp-block-heading\">Chief Information Security Officer (CISO \u2013 sounds like See So) &#8211; The responsibility of this position is the integrity of the technical systems<\/h6>\n\n\n\n<p>The CISO, in most situations, will report to the CTO.&nbsp; IT Security is the primary driving point of this person\/department.&nbsp; Again, depending on the size of the company the title may change some (Director of IT Sec, VP of Cybersecurity, etc.), but the function will remain the same.&nbsp; A number of companies I work with also \u201coutsource\u201d some of the work to internal operations or third-party companies to manage the day-to-day efforts, while serving in an oversight and advisory manner.&nbsp; Where and how the work gets done is less important than making sure that it is done correctly.&nbsp; This group also tends to be the primary point of contact when working with external auditors\/assessors on compliance-related efforts.<\/p>\n\n\n\n<h6 class=\"wp-block-heading\">Data Privacy Officer (DPO) \u2013 Tasked with representing the customer\u2019s interest within the environment<\/h6>\n\n\n\n<p>This position is a relatively new position that is quickly becoming one of, if not the, most important leadership positions in the enterprise.&nbsp; It also has a much different approach to the focus of their mission.&nbsp; The Data Privacy Officer\u2019s main focus is on the integrity and management of the customer data.&nbsp; I know what you may be thinking right now.&nbsp; \u201cDidn\u2019t you just say that was the job of the CISO?\u201d Well, yes.&nbsp; I did say something similar to that.&nbsp; Let us look again.&nbsp; The DPO\u2019s main focus is on the integrity and management of the CUSTOMER DATA.&nbsp; There are two subtle differences in 
the approach between a CISO and DPO.<\/p>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\"><li>Customer Data \u2013 The DPO\u2019s approach is that of a representative of the customer.&nbsp; Their job is to make certain that the company isn\u2019t doing anything that places the customer at risk or acts in a way that is outside of the agreed-upon terms between the company and the customer that provided their personal data.&nbsp; This is a direct response to the focus of privacy acts and regulations popping up around the globe, such as GDPR (EU Privacy) and CCPA (California) and the expectation of many more governments passing similar laws.<\/li><li>Hierarchy \u2013 Typically the DPO is outside of the IT department.&nbsp; While they are a technical resource, and require technical knowledge to do their job properly, due to the nature of them being a voice on behalf of the customer they usually report outside of IT to avoid conflicts or internal pressure that may sway them from doing their job correctly out of fear of losing it.&nbsp; In larger companies the DPO will report to the legal department.&nbsp; In companies that don\u2019t have legal departments in house, they can also report directly to the President\/CEO.&nbsp; Of course, that does not mean there is a need to do a reorg if this isn\u2019t how you have the structure within your company.&nbsp; If things are working well and the DPO is a Rockstar \u2013 then don\u2019t fix something that isn\u2019t broken.<\/li><\/ol>\n\n\n\n<h6 class=\"wp-block-heading\">Conclusion &#8211; What does this mean for the data privacy needs of your organization?\u00a0<\/h6>\n\n\n\n<p>To be honest, I cannot give a specific answer on that (without talking to you.)\u00a0 My best suggestion would be to have the round table discussion with the leadership of your company and confirm that you have someone that is designated as the \u201cvoice of the customer\u201d and get them trained on how the relevant security regulations will affect 
your business operations.\u00a0 You can also hire a DPO.\u00a0 According to Glassdoor, the average salary for a DPO (as of Sep 2022) is right at $113,000, ranging up to $277,000.\u00a0 This is a national average, so cost will vary drastically based on the market.\u00a0 You can also hire consultants if looking to save money on annual spending.\u00a0 You could probably get a good privacy consultant for a third of the cost of a full time DPO, that can work with\u00a0 your IT and HR leadership to build, design, and implement your privacy program in a compliant manner across all areas you are doing business.<\/p>\n\n\n\n<p>As always, if you have any questions reach out to us via social media or the contact information listed on the website.<\/p>\n\n\n\n<h6 class=\"wp-block-heading\">Thanks for reading.&nbsp; Talk to you soon!<\/h6>\n\n\n\n<p>Shawn Adams &#8211; @TBF_shawn (twitter)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>With the focus over the past few years on Data Privacy at the institutional level continuing to gain traction across the globe, it is important for companies to understand how these (potential) changes will affect their IT department.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","om_disable_all_campaigns":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[10,9,12,11,7],"tags":[13],"class_list":["post-21","post","type-post","status-publish","format-standard","hentry","category-c-level","category-culture","category-data-privacy","category-management","category-shawn","tag-data-privacy"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Decluttering the IT Sec Alphabet for Data Privacy - Shawn&#039;s Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, 
max-image-preview:large, max-video-preview:-1\" \/>"}